Defined Type: sslcert::x509_to_pkcs12
- Defined in:
- modules/sslcert/manifests/x509_to_pkcs12.pp
Summary
create pkcs12 file from a x509 public/private key pairOverview
SPDX-License-Identifier: Apache-2.0
11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
# File 'modules/sslcert/manifests/x509_to_pkcs12.pp', line 11
define sslcert::x509_to_pkcs12 (
Wmflib::Ensure $ensure = 'present',
Stdlib::Unixpath $public_key = "/etc/ssl/localcerts/${title}.crt",
Stdlib::Unixpath $private_key = "/etc/ssl/private/${title}.key",
Stdlib::Unixpath $outfile = "/etc/ssl/localcerts/${title}.p12",
Optional[String[1]] $password = undef,
String $owner = 'root',
String $group = 'root',
Optional[Stdlib::Unixpath] $certfile = undef,
) {
ensure_packages(['openssl'])
$_certfile = $certfile ? {
undef => '',
default => "-certfile ${certfile}",
}
$_password = $password ? {
undef => '',
default => $password,
}
$create_pkcs12_command = @("CREATE_PKCS12_COMMAND"/L)
/usr/bin/openssl pkcs12 -export ${_certfile} \
-in ${public_key} \
-inkey ${private_key} \
-out ${outfile} \
-password 'pass:${_password}'
|- CREATE_PKCS12_COMMAND
$check_certificates_match = @("CHECK_CERTIFICATES_MATCH_COMMAND"/L)
/usr/bin/test \
"$(/usr/bin/openssl x509 -in ${public_key})" == \
"$(/usr/bin/openssl pkcs12 -password 'pass:${password}' -in ${outfile} -clcerts -nokeys | openssl x509)"
|- CHECK_CERTIFICATES_MATCH_COMMAND
if $ensure == 'present' {
exec {"sslcert generate ${title}.p12":
command => $create_pkcs12_command,
unless => $check_certificates_match,
require => Package['openssl'],
before => File[$outfile],
}
}
file {$outfile:
ensure => $ensure,
owner => $owner,
group => $group,
mode => '0440',
}
}
|